Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfits-java-1.15.2/src/main/fpack/diff/hcompress32.c
Examining data/libfits-java-1.15.2/src/main/fpack/diff/hcompress64.c
Examining data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c
Examining data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c
Examining data/libfits-java-1.15.2/src/main/fpack/fpack.c
Examining data/libfits-java-1.15.2/src/main/fpack/fpack.h
Examining data/libfits-java-1.15.2/src/main/fpack/fpackutil.c
Examining data/libfits-java-1.15.2/src/main/fpack/funpack.c
Examining data/libfits-java-1.15.2/src/main/fpack/iraffits.c
Examining data/libfits-java-1.15.2/src/main/fpack/quantize.c
Examining data/libfits-java-1.15.2/src/main/fpack/ricecomp.c
Examining data/libfits-java-1.15.2/src/test/java/nom/tam/fits/compression/algorithm/quant/testdata.c

FINAL RESULTS:

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:984:8:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  (void)strncat (newpixname, &pixname[4], SZ_IM2PIXFILE);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1002:8:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  (void)strncat (newpixname, pixname, SZ_IM2PIXFILE);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:94:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmpnam, rootname); /* start with rootname */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:95:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tmpnam, suffix); /* append the suffix */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:187:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msg, "# %s (", infits); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:291:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msg, " %s\n", val); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:381:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(outfits,fpptr->prefix);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:388:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfits, infits);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:460:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfits, infits);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:562:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfits, fpvar.outfile);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:567:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(outfits,fpvar.prefix);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:574:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfits, infits);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:602:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfits, infits);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:640:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tempfilename, outfits); /* store temp file name, in case of abort */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:730:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfits, temp);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:768:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp,outfits);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:769:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(temp);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:857:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hduname, hduloc); /* copy the first name into temporary string */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:919:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hduname, hduloc); /* copy the next name into temporary string */

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:939:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pixfilename,bang+1);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:941:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pixfilename,pixname);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1331:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (val, value);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1373:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (str, value);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1505:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cval,v1);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1522:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cval,cpar);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:84:51:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  int fp_tmpnam(char *suffix, char *rootname, char *tmpnam)

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:94:10:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  strcpy (tmpnam, rootname); /* start with rootname */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:95:9:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  strcat(tmpnam, suffix); /* append the suffix */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:97:27:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  maxtry = SZ_STR - strlen(tmpnam) - 1;

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:100:17:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  if (fp_access(tmpnam)) break; /* good, the file does not exist */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:101:10:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  strcat(tmpnam, "x"); /* append an x to the name, and try again */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:106:11:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  fp_msg (tmpnam);

data/libfits-java-1.15.2/src/main/fpack/diff/hcompress32.c:248:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nbitplanes[3];

data/libfits-java-1.15.2/src/main/fpack/diff/hcompress32.c:397:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  doencode(char *outfile, int a[], int nx, int ny, unsigned char nbitplanes[3])

data/libfits-java-1.15.2/src/main/fpack/diff/hcompress64.c:251:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nbitplanes[3];

data/libfits-java-1.15.2/src/main/fpack/diff/hcompress64.c:401:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  doencode64(char *outfile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3])

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:54:71:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int doencode(char *outfile, int a[], int nx, int ny, unsigned char nbitplanes[3]);

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:55:78:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int doencode64(char *outfile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3]);

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:595:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char code_magic[2] = { (char)0xDD, (char)0x99 };

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:610:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nbitplanes[3];

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:771:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nbitplanes[3];

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:936:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[4];

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:955:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[8];

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:978:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&file[noutchar], buffer, n);

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:998:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  doencode(char *outfile, int a[], int nx, int ny, unsigned char nbitplanes[3])

data/libfits-java-1.15.2/src/main/fpack/fits_hcompress.c:1037:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  doencode64(char *outfile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3])

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:63:78:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int dodecode(unsigned char *infile, int a[], int nx, int ny, unsigned char nbitplanes[3]);

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:64:85:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int dodecode64(unsigned char *infile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3]);

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:1041:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char code_magic[2] = { (char)0xDD, (char)0x99 };

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:1054:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nbitplanes[3];

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:1055:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmagic[2];

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:1102:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nbitplanes[3];

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:1103:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmagic[2];

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:1157:67:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  dodecode(unsigned char *infile, int a[], int nx, int ny, unsigned char nbitplanes[3])

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:1216:74:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  dodecode64(unsigned char *infile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3])

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:2409:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[4];

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:2431:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[8];

data/libfits-java-1.15.2/src/main/fpack/fits_hdecompress.c:2456:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, &file[nextchar], n);

data/libfits-java-1.15.2/src/main/fpack/fpack.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[SZ_STR], tile[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpack.c:107:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  doffset = atoi(argv[iarg]+2);

data/libfits-java-1.15.2/src/main/fpack/fpack.c:228:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fpptr->ntile[ndim] = atol (&tile[ii]);

data/libfits-java-1.15.2/src/main/fpack/fpack.c:233:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp, "%d\n", MAX_COMPRESS_DIM); fp_msg (tmp);

data/libfits-java-1.15.2/src/main/fpack/fpack.h:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpack.h:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extname[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpack.h:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:15:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfilename[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:16:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfilename2[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:17:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfilename3[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:59:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cfitsioversion[40];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:63:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cfitsioversion, " CFITSIO version %5.3f", version);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:74:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  diskfile = fopen(filename, "r");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infits[SZ_STR], msg[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:191:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "%I64d bytes)\n", sizell); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:193:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "%lld bytes)\n", sizell); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:195:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "%ld bytes)\n", sizell); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[SZ_STR], val[SZ_CARD], com[SZ_CARD];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:243:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " %d IMAGE", hdupos); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:244:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " SUMS=%u/%u", ~hdusum, datasum); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:248:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " BITPIX=%d", bitpix); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:251:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " [no_pixels]"); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:253:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " [%d]", naxes[1]); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:255:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " [%d", naxes[0]); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:257:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, "x%d", naxes[ii]); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:281:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " %d ASCII_TBL", hdupos); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:282:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " SUMS=%u/%u\n", ~hdusum, datasum); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:285:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " %d BINARY_TBL", hdupos); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:286:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " SUMS=%u/%u\n", ~hdusum, datasum); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:289:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " %d OTHER", hdupos); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:290:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (msg, " SUMS=%u/%u", ~hdusum, datasum); fp_msg (msg);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infits[SZ_STR], outfits[SZ_STR], temp[SZ_STR], *cptr;

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:331:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infits, ".fz"); /* a .fz version exsits */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:340:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infits, ".fz");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:386:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(outfits, "output.fits");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:420:18:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outfits, ".gz");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:434:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infits, ".gz"); /* a gzipped version exsits */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:458:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(outfits, "input.fits");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:473:25:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outfits, ".fits");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:478:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outfits, ".fz");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infits[SZ_STR], outfits[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[SZ_STR], answer[30], *cptr;

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:511:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outreport = fopen(fpvar.outfile, "w");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:554:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infits, ".fz"); /* a .fz version must exsit */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:572:14:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(outfits, "output.fits");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:600:14:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(outfits, "input.fits");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:615:25:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outfits, ".fits");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:622:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outfits, ".fz");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:767:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(temp, "gzip -1 ");

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:770:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outfits, ".gz"); /* only possibible with funpack */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:843:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *loc, *hduloc, hduname[SZ_STR];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:986:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dtype[8], dimen[100];

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1081:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dtype, "8 "); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1085:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dtype, "16 "); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1089:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dtype, "32 "); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1093:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dtype, "64 "); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1096:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dtype, "-32"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1100:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dtype, "-64"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1110:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(dimen," (%d", naxes[0]); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1113:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dimen+len,",%d", naxes[ii]); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfits[SZ_STR]; data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1492:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctype[20], lossless[4]; data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1508:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ctype, "RICE"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1510:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ctype, "GZIP"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1516:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(ctype, "PLIO"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1518:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ctype, "HCOMP"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1520:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ctype, "NONE"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1584:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(lossless, "Yes"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1587:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(lossless, "No"); data/libfits-java-1.15.2/src/main/fpack/funpack.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[SZ_STR], tile[SZ_STR]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pixfilename[SZ_IM2PIXFILE+1]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[81]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:278:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen (filename, "rb"); data/libfits-java-1.15.2/src/main/fpack/iraffits.c:312:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmsg, "IRAFRHEAD Cannot allocate %d-byte header", data/libfits-java-1.15.2/src/main/fpack/iraffits.c:326:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmsg, "IRAFRHEAD header file: %d / %d bytes read.", data/libfits-java-1.15.2/src/main/fpack/iraffits.c:352:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pixname[SZ_IM2PIXFILE+1]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:353:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[81]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:364:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen (bang + 1, "rb"); data/libfits-java-1.15.2/src/main/fpack/iraffits.c:366:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen (pixname, "rb"); data/libfits-java-1.15.2/src/main/fpack/iraffits.c:387:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmsg, "IRAF pixel file: %d / %d bytes read.", data/libfits-java-1.15.2/src/main/fpack/iraffits.c:434:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmsg, "IRAFRIMAGE Cannot allocate %d-byte image buffer", data/libfits-java-1.15.2/src/main/fpack/iraffits.c:472:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmsg, "IRAF pixel file: %d / %d bytes read.", data/libfits-java-1.15.2/src/main/fpack/iraffits.c:565:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fhead, *fhead1, *fp, endline[81]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:567:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fitsline[81]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:572:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[81]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:615:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmsg, "IRAF2FITS Cannot allocate %d-byte FITS header", data/libfits-java-1.15.2/src/main/fpack/iraffits.c:666:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmsg,"Unsupported IRAF data type: %d", pixtype); data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[8]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1323:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[30]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1398:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cval[80]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1400:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwhite[2]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char squot[2], dquot[2], lbracket[2], rbracket[2], slash[2], comma[2]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1402:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[81]; /* large for ESO hierarchical keywords */ data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1403:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[100]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1513:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ipar = atoi (brack1); data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1805:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[30]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1808:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (value,"%d",ival); data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1828:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[8]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1856:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[70]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1890:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[100]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1891:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newcom[50]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1892:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blank[80]; data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2031:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[100]; data/libfits-java-1.15.2/src/main/fpack/fpack.c:47:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((argv[iarg][0] == '-' && strlen (argv[iarg]) == 2) || data/libfits-java-1.15.2/src/main/fpack/fpack.c:146:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tile, argv[iarg], SZ_STR); /* checked below */ data/libfits-java-1.15.2/src/main/fpack/fpack.c:184:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (fpptr->outfile, argv[iarg], SZ_STR); data/libfits-java-1.15.2/src/main/fpack/fpack.c:219:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (tile); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:90:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(suffix) + strlen(rootname) > SZ_STR-5) { data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:90:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(suffix) + strlen(rootname) > SZ_STR-5) { data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:97:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxtry = SZ_STR - strlen(tmpnam) - 1; data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:101:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tmpnam, "x"); /* append an x to the name, and try again */ data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:166:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (infits, argv[iarg], SZ_STR); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:313:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(argv[iarg]) > SZ_STR - 4) { /* allow for .fz or .gz suffix */ data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:318:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (infits, argv[iarg], SZ_STR); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:333:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(infits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:339:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(infits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:377:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fpptr->prefix) + strlen(infits) > SZ_STR - 1) { data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:377:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fpptr->prefix) + strlen(infits) > SZ_STR - 1) { data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:392:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:400:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:425:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:436:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(infits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:445:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(infits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:464:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:470:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:546:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (infits, argv[iarg], SZ_STR - 1); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:559:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(outfits, "-"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:578:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:585:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:595:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(outfits, "-"); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:606:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:612:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(outfits); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:626:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp, outfits, SZ_STR-1); data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:862:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  hduloc += strlen(hduname); /* end of the list */

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1111:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len =strlen(dimen);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1114:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len =strlen(dimen);

data/libfits-java-1.15.2/src/main/fpack/fpackutil.c:1116:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dimen, ")");

data/libfits-java-1.15.2/src/main/fpack/funpack.c:46:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (argv[iarg][0] == '-' && strlen (argv[iarg]) == 2) {

data/libfits-java-1.15.2/src/main/fpack/funpack.c:59:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (fpptr->prefix, argv[iarg], SZ_STR);

data/libfits-java-1.15.2/src/main/fpack/funpack.c:65:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (fpptr->extname, argv[iarg], SZ_STR);

data/libfits-java-1.15.2/src/main/fpack/funpack.c:92:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (fpptr->outfile, argv[iarg], SZ_STR);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:575:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  (void)strncpy (endline,"END", 3);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:623:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (fitsheader, endline, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:710:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((lstr = strlen (objname)) < 8) {

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:810:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (fhead, fitsline, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:822:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (fhead, fitsline, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:852:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (fhead, fitsline, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:863:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (fhead, fitsline, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:879:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (fhead, endline, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:888:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy (endline," ",3);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:890:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (fp, endline,80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:971:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (newpixname, hdrname, SZ_IM2PIXFILE);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:974:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (newpixname);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:989:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (newpixname, hdrname, SZ_IM2PIXFILE);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:992:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (newpixname);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1009:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy (newpixname, hdrname, SZ_IM2PIXFILE);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1010:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (newpixname);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1371:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lval = strlen (value);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1375:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (str, value, lstr-1);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1422:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (keyword,keyword0, sizeof(keyword)-1);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1446:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (line,vpos,80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1581:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lkey = strlen (keyword);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1676:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lkey = strlen (keyword);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1719:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ls1 = strlen (s1);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1743:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ls2 = strlen (s2);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1832:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (value, "T");

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1834:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (value, "F");

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1861:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lcval = strlen (cval);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1867:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (&value[1],cval,lcval);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1900:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lkeyword = strlen (keyword);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1901:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lval = strlen (value);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1912:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (v2, v1, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1915:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (v1,keyword,7);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1922:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (v1+9,value,lval);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1941:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (v2, ve, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1951:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (line, v1, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1967:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (newcom, c1+1, lcom);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1971:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lcom = strlen (newcom);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1984:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (v1, keyword, lkeyword);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:1993:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (vp, value, lval);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2001:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (vp, value, lval);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2012:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (vp, newcom, lcom);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2038:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lkeyword = strlen (keyword);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2047:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (v2, v1, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2052:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (v1, keyword, lkeyword);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2066:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (line, v1, 80);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2080:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy (c0, "/ ",2);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2084:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lcom = strlen (comment);

data/libfits-java-1.15.2/src/main/fpack/iraffits.c:2090:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (c1, comment, lcom);

ANALYSIS SUMMARY:

Hits = 247
Lines analyzed = 15952 in approximately 0.50 seconds (31920 lines/second)
Physical Source Lines of Code (SLOC) = 9966
Hits@level = [0]  33 [1]  86 [2] 129 [3]   7 [4]  23 [5]   2
Hits@level+ = [0+] 280 [1+] 247 [2+] 161 [3+]  32 [4+]  25 [5+]   2
Hits/KSLOC@level+ = [0+] 28.0955 [1+] 24.7843 [2+] 16.1549 [3+] 3.21092 [4+] 2.50853 [5+] 0.200682
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.